Barcelona 7th and 8th February. Supply Chain Cybersecurity

The security of the supply chain is becoming one of the most important items on the agenda of many organizations. This may be due to regulatory requirements, as is the case for financial institutions, from both the European Central Bank (ECB) and the European Banking Authority (EBA), or to a growing awareness of the impact that the supply chain has on the business itself. This awareness has a lot to do with the application of the European General Data Protection Regulation, which explicitly obliges controllers to ensure that the third parties to whom they subcontract the processing of the data in their possession comply with the security measures that the controllers should demand of them.

Although, in fact, the concern for the supply chain extends beyond the personal data, since from that chain also ...

January 27, 2019

New Publications related to National Security Scheme

There has been some news in these first months of 2018 related to the National Security Scheme (ENS), the mandatory IT security compliance framework for the Public Administration.

In February, LEET Security was accredited as a certification entity in accordance with the ENS, and in April the resolutions approving two new Technical Security Instructions were published in the Official Government Bulletin; their objective is to properly develop the implementation of the requirements and measures included in the ENS (Royal Decree 3/2010).

On the one hand, the resolution of March 27, 2018 approves the Technical Security Instruction for Information Systems Security Audit (BOE-A-2018-4573). On the other, the resolution of April 13, 2018 approves the Technical Security Instruction for Security Incidents Notification (BOE-A-2018-5370).

The purpose of the Audit Security Technical Instruction is to establish the conditions for carrying out the ...

June 13, 2018

Stratesys achieves LEET Security's rating

Spanish digital services multinational Stratesys has obtained the Cybersecurity rating from LEET Security, which credits its effectiveness and quality in the development, support and maintenance of applications on the virtual environment of its clients. This certification shows the effective application by the consulting company of a high control framework and security measures in the three evaluated dimensions: confidentiality, integrity and availability.

The rating recognizes not only Stratesys' operations in terms of security management but also endorses the level of robustness and rigor of the security measures with which it provides remote services for support and maintenance of applications.

In this sense, Andreas Makrandreou, partner-director of Stratesys, assures that "the recognition of LEET Security is a guarantee of reliability and excellence in all the processes of management and execution of projects and services that we are providing to our clients. In ...

May 18, 2018

E-Qualify is here

The long-awaited self-assessment tool

Finally, it is here. For some time now, our clients and other entities interested in rating have been asking us for a simpler form, but keeping all the rigor incorporated within our methodology, to carry out the evaluation of their cybersecurity levels online.

And this is what we have done, incorporating all the controls and algorithms used in the qualification, within the E-Qualify tool, to carry out the analysis in a self-assessment format.

E-Qualify contains the complete rating framework, which allows the assessment of all aspects related to security in the provision of its services, covered in the 14 domains and 76 sections of the methodology, to provide the result based on the answers provided during the process. The evaluation report includes not only the global score, in the three dimensions of Confidentiality, Integrity ...

April 22, 2018

LEET Security at Gestiona Radio

Last April 27, LEET Security participated in the Club de la Excelencia en Gestión section of the program Pulso Empresarial, with Antonio Ramos, together with Miquel Romero i Grané, Members and Knowledge Director, presenting the results of the study 'Corporations and Cybersecurity'.

During the interview, we reviewed the most relevant results of this study, together with a short and clear explanation of the key points of security rating: what is security rating? What elements are assessed? What is the meaning of a rating? We also offered some reflections on the impact of the new privacy regulation (GDPR), cybersecurity accountability in corporations and even how rating could be incorporated into corporate compliance.

The interview can be heard at the following link from minute 30 onward (in Spanish): link to the podcast; the CEG review of the interview is at this link.

 


May 18, 2017

ISACA Valencia webinar: How to manage the cybersecurity of hundreds

In this webinar, organized by the Valencia Chapter of ISACA, we share the talk given by Antonio Ramos at the CSX2016 Europe event organized by ISACA in London last October. As stated in the title, we will address the options an organization has to know, understand and manage the cyber risk of its relationships with third parties, both providers and partners, for connected and non-connected services and, of course, taking into account the organization's risk appetite.

You can register at this link and, in the following days, we will also share the recording of the webinar so it can be watched later... (link to recorded session)

Join us!!


May 18, 2017

Another NSA Contractor Arrested in Possible New Theft of Secrets

After Snowden, a few days ago the media reported a new case. Again, a Booz Allen Hamilton employee has been charged with theft of secrets. It is not yet clear whether he passed these documents on, whether he is a spy or whether he was simply storing the information.

Read more about this news in our journal "Information Security rating and labeling magazine" or at:

The New York Times, "N.S.A. Contractor Arrested in Possible New Theft of Secrets"

Schneier on Security, "NSA Contractor arrested for Stealing Classified Information"

HelpNetSecurity, "Why attaching security to each piece of data is critical"

Forbes, "After Snowden, Another Booz Allen Contractor Accused of Stealing NSA Files"

SecurityAffairs, "Once again an NSA contractor is the headlines for the alleged theft of secret exploit codes and highly confidential documents"


October 8, 2016

LEET Security selected to present at gigaTIC16

The paper presented by LEET Security to the Iberoamerican Congress of ICT Governance and Advanced Management (gigaTIC16), "(Security) Vendor Risk Management: You cannot live without it", has been selected by the organizing committee of ISACA Barcelona and itSMF España at Catalonia. Therefore, next April 28th at Telefónica Difital 00 Auditorium in Barcelona, we will have the opportunity to share how security rating can be used in vendor risk management processes.

In our presentation, we will analyze how the growing dependency on third parties due to trends like digital transformation or shadow IT makes it necessary to analyze and manage the cybersecurity risk of those vendors. And, once you have to manage third-party risks, we will explore how security rating improves the effectiveness and efficiency of this process, allowing a high number of vendors to be managed with a very tight resource allocation ...

April 25, 2016

Cloud Security Workshop hosted by European Commission

Next March 18th, the European Commission is hosting a workshop on cloud security with the subtitle: "Building Trust in Cloud Services - Certification and Beyond". The workshop will be facilitated by the European Commission and will focus on the following issues:

  • Cloud Security in the context of European Commission initiatives
  • Network & Information Security Directive and Cloud Computing Services
  • Best Practice: Risk Management of cloud computing services
  • Transparency: Incident Notification and Information Sharing for cloud computing services
  • Recognition: Cloud Certification Schemes & Assurance Levels
  • Impact Factors: Service Authentication, Law Enforcement Access, and Export Controls on cloud services

In each session throughout the day, panels of experts in cloud computing will touch on their own experience to convey their perspective of these issues. Participants will be invited to actively discuss their own experience of these issues and together prioritise mechanisms to address them.

LEET Security ...

February 22, 2016

Aiuken Solutions achieves rating for its managed security services

On December 30, 2015, Aiuken Solutions achieved the rating seal of its services under the assessment and labeling methodology by LEET Security.

Aiuken has addressed the rating of services provided from its managed security center (SOC), consisting of "Managed Security Services" (which include data protection services, IT systems operation and threat management), “Web Application Firewall (WAF) services” and the "Anti-DDoS services", obtaining in all of them the triple C C C rating, which demonstrates the effective implementation of a large framework of control and security measures in all three evaluated dimensions (CIA: confidentiality, integrity and availability).

The LEET Security rating evaluates not only operational practices according to an ISMP, but also the level of robustness and rigor of the security measures implemented in the services and the resilience in case of an incident, providing Aiuken's customers with clear and transparent information on ...

January 13, 2016

LEET Security will develop the industrial cybersecurity capacity building model for INCIBE

INCIBE, an entity under the Ministry of Industry, Energy and Tourism, and LEET Security have signed a collaboration agreement to jointly develop a cybersecurity capability building model for industrial systems, applicable to strategic and critical infrastructures.

This model will be based on the methodology developed by LEET Security to build a labelling system that rates the effectiveness and maturity of the security measures implemented by providers in their ICT services. It will be adapted and evolved together with INCIBE to keep it aligned with international standards and good practices like NIST, ISA, ENISA, etc., as well as with LEET Security's own model, creating a rating system based on 5 levels, from E to A.

The model to be developed will also be aligned with the rest of the initiatives developed in the Security and Industry CERT (CERTSI_) dependent on INCIBE and ...


September 7, 2015

Collaboration agreement with Mostoles City Council, Reliable and Cybersecure Smart City

LEET Security has joined the "Smart City" Collaboration Agreement of Móstoles City Council with the project "Reliable and Cybersecure Smart City", which seeks to ensure that the technological services supporting the smart city projects started in the town are trustworthy.

This project will first develop a pilot phase with ICT service users related to Mostoles City Council and associated entities, to evaluate and identify the cybersecurity requirements that should be added to those ICT services in order to provide confidence and privacy conditions for the information managed.

Secondly, special conditions will be offered to ICT service providers located in Mostoles for adhering to security rating and labelling services, so that the town of Mostoles will become a pole of attraction for technological service providers that bet on transparency and cybersecurity, as they would become a reference at a European ...

May 25, 2015

Rural Servicios Informáticos, first provider to gain a rating label from LEET Security

Rural Servicios Informáticos (RSI), the entity that provides core banking services to Rural Groupo and other financial entities, has become the first organization to rate the security of the services it provides, gaining a B B A label according to the LEET Security rating system.

RSI has become the first organization to gain the security rating label offered by LEET Security.

RSI has undergone the rating of its 3 main services ('Services to Members', 'Services to Third Parties' and 'Internal Services'), obtaining the level B B A in all of them. This rating level shows the effective application of a high control framework and security measures in the three dimensions rated (confidentiality, integrity and availability).

The innovative security rating service offered by LEET Security provides information to RSI clients about the security measures implemented, as well as its response capacity in case of incident ...

May 4, 2015

INCIBE publishes LEET SECURITY labeling in its section "Make Trustworthy Business"

INCIBE (Instituto Nacional de Ciberseguridad) has just published the leet security rating mechanism in its website section "Make Trustworthy Business". This publication entails an analysis by INCIBE of the mechanism's characteristics, which ends with the publication of a summary of the main system characteristics on the website (link).

As a general summary, as stated in the information published by INCIBE, "this labeling / kite mark implies a rating of the provider being reviewed [the one that provides the service rated]. Therefore it is quite important to check the rating of the label. This rating, referring to three dimensions of security, rates from A to E. In this scale, A means a higher security and maturity than E."

From leet security we would like to thank INCIBE for its willingness to add our security labeling mechanism to this section of its website due to the ...

November 24, 2014

LEET SECURITY security rating system recognized by ENISA

The European Union Agency for Network and Information Security has just published the list of existing cloud certification schemes, which includes the first security labelling system developed by LEET SECURITY over its rating system.

The European Union Agency for Network and Information Security (ENISA), supporting the activities of the EU Cloud Strategy, has published a list of the existing Cloud Certification schemes (CCSL – Cloud Computing Certification Schemes List). This initiative will help potential cloud users decide on the security of different cloud solutions. The list was developed by ENISA in close collaboration with the European Commission and the private sector (EC Certification Selected Industry Group).

CCSL gives an overview of different existing certification schemes which could be relevant for cloud computing customers. CCSL also shows which are the main characteristics of each certification scheme. For example, CCSL answers questions like "who issues ...


November 21, 2013

eVicertia, first company to adopt the rating system of leet security

Evicertia understands the importance of providing transparency about the security it implements in its services and, for that reason, it has relied on the leet security rating system to label the security of all its services.

eVicertia (Evidencias Certificadas, SL), in its continuous efforts in security, understands that transparency is essential to build trust with its users and, for that reason, it has decided to become the first company to adopt the rating system proposed by leet security, rating agency.

Thanks to this agreement, eVicertia and leet security will work together to verify the applicability of the rating guide to all the certified notification services provided by eVicertia (eviNotice, eviMail, eviSign and eviSMS) and the use of this security labeling system in these services.

Full text of press release (in Spanish) [PDF]


April 2, 2013

Leet Security will participate in Segurinfo España 2012

Antonio Ramos, CEO of the security rating agency, will participate in the first edition of Segurinfo, organized by the Usuaria Association in Spain, next 21st of November at the Palacio de Congresos (Madrid). Conference talks are organized in two tracks, one about security economics and the other about cybersecurity; our CEO's talk, "Buying security services", will cover the use of security rating to solve asymmetric information issues in ICT services. We will see you there...


October 31, 2012

Partnership agreement with ANEI

Leet security, security rating agency, expands its agreements with Spanish technology Associations

Thanks to the collaboration with ANEI - National Association of Companies in Internet, now members of this association can access security rating services offered by leet security under special conditions

Full text of the press release [in Spanish]


July 30, 2012

Agreement to ease access to rating services for EuroCloud Spain members [ES]

EuroCloud España, aware of the guarantees users demand regarding the security and confidentiality of data stored in the cloud, has signed a collaboration agreement with the ICT services rating agency Leet Security to make it easier for its members to access this trust-building system.

The rating offered by Leet Security for EuroCloud España members will be backed by the cloud computing organization and will be available for consultation. In this way, those interested in contracting cloud computing solutions will be able to compare, before contracting a service, the confidentiality, integrity and availability offered by the different providers and choose among them according to their own needs.

The rating system for contracting ICT services developed ...

June 11, 2012

The Minister of Employment, Fátima Bañez, visits the Leet Security facilities during the official opening of the Móstoles Business Incubator

Yesterday, May 29, the official opening of the Móstoles Business Incubator (Vivero de Empresas de Móstoles) took place, attended by the Mayor of Móstoles, Daniel Órtiz (@danielortizesp), and the Minister of Employment and Social Security, Fátima Bañez (@FatimaBanez). After the opening and before the institutional speeches, we were fortunate to receive a visit to our facilities in the incubator from the delegation led by the Minister. Here are the videos of the visit:

  • Official video from the Ministry of Employment and Social Security

  • Video from the europapress news agency (link).

May 30, 2012

LEET SECURITY will give a talk at Academic ITGSM12

itSMF España, together with the Universidad Carlos III de Madrid, the Universidad de Oviedo and the Universidad de Extremadura, is organizing on May 28 the Academic ITGSM12: VII International Academic Congress on IT Governance and Service Management.

The Academic ITGSM12 congress focuses on asking the academic community and the most innovative companies to share their vision, research and work that help drive the business community forward in the face of this new challenge. Following this line, the congress topics will be grouped around the latest practices, experiences and research in the governance and service management of information technologies that are key to society and the economy ...

May 17, 2012

ALI - CPITICM Conference:

Next Thursday, April 26, at 19:00, we will take part in the conference organized by the Asociación de Titulados Universitarios Oficiales en Informática (ALI) and the Colegio Profesional de Ingenieros Técnicos en Informática de la Comunidad de Madrid (CPITICM) in the Salón de Grados of the UPM Facultad de Informática, located on the Campus Sur (Ctra. Valencia, km. 7)

Title: ALI - CPITICM Conference: "ICT security rating"
Venue: Sala de grados, Escuela Universitaria de Informática - Campus Sur UPM (Ctra. Valencia, km. 7 - Madrid)
Start time: 19:00
Date: 2012/04/26
End time: 21:00


April 23, 2012

Daniel Ortiz highlights the innovative and pioneering profile of the sectors in which the Business Incubator's entrepreneurs work

The Mayor of Móstoles, Daniel Ortiz, has highlighted the innovative and pioneering profile of the sectors in which the entrepreneurs who will base their businesses in the new Business Incubator (Vivero de Empresas) work. The mayor, who handed over the keys to the offices, emphasized the selected entrepreneurs' commitment to seeking new sources of employment, ideas related to new technologies and social networks and, in general, projects far from the usual productive offering. Link to the original news item

 

January 20, 2012

SOURCE Barcelona

Next Nov 16th we will be presenting at the Conferencia SOURCE de Barcelona on the applicability of the rating model to cloud computing service provisioning. In our talk we will address the advantages of applying this model to any kind of cloud computing service (IaaS, PaaS or SaaS) and how it will help to solve issues related to compliance. Thanks to the organizers, we have a 50% discount invitation to attend the conference, so if you are interested, please send us an email to info at leetsecurity.com

November 2, 2011